Georgia Tech develops early warning system for cyberthreats

By GCN Staff

Jul 30, 2014

Information security specialists at Georgia Tech Research Institute (GTRI) have developed BlackForest, an open source intelligence gathering system that aims to give cybersecurity teams advance warning of impending attacks.

The system collects information from the public Internet, including social media, hacker forums and other sites where malware authors and others gather, GTRI said in its announcement. Connecting the information and relating it to past activity can let organizations know they are being targeted, help them understand the nature of the threat and allow them to prepare for specific types of attacks. Once attacks have taken place, BlackForest can help organizations identify the source and mechanism so they can strengthen their defenses.

BlackForest can, for example, help anticipate distributed denial-of-service attacks, which often involve thousands of participants running the same attack tool to flood corporate websites. BlackForest scours the Internet and taps into social media to find evidence of the attackers' coordination. Similarly, malware innovations can be identified because authors often post new code to advertise its availability and seek feedback. Analyzing that code can provide advance warning of malware that may need to be addressed in the future.
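The kind of correlation the two paragraphs above describe, reduced to its core: collect public posts, keep only those that name a watched domain alongside an attack-tool term, and raise an alert when several distinct authors do so within a short window. This is an added illustration written for this page, not BlackForest code; the post contents, user names, domains, tool-term list, window and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample posts (author, ISO timestamp, text). Invented for this
# example; no real forum, user, target or infrastructure is referenced.
SAMPLE_POSTS = [
    ("user_a", "2014-07-20T10:00:00", "example-shop.net is slow today lol"),
    ("user_a", "2014-07-28T18:02:00", "op starts friday 20:00 utc, target example-bank.com, LOIC ready"),
    ("user_b", "2014-07-28T18:40:00", "in for friday. example-bank.com. hive mind set to 203.0.113.10"),
    ("user_c", "2014-07-29T09:15:00", "anyone got the new LOIC build? example-bank.com friday"),
    ("user_d", "2014-07-29T11:00:00", "looking at example-bank.com earnings report"),
    ("user_e", "2014-07-29T12:30:00", "grab the hoic config for example-bank.com, friday night"),
    ("user_f", "2014-07-29T14:00:00", "booter test on example-shop.net later"),
]

# Assumed watch list for the monitored organisation and a small, illustrative
# vocabulary of volunteer DDoS tooling (a real deployment would curate both).
WATCHED_DOMAINS = {"example-bank.com", "example-shop.net"}
TOOL_TERMS = ("loic", "hoic", "hive mind", "booter", "stresser", "ddos")
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_post(author, ts, text):
    """Normalise one post: timestamp, watched targets it names, tool terms, IPs."""
    lowered = text.lower()
    domains = {d.lower() for d in DOMAIN_RE.findall(text)}
    return {
        "author": author,
        "time": datetime.fromisoformat(ts),
        "targets": domains & WATCHED_DOMAINS,
        "tools": [t for t in TOOL_TERMS if t in lowered],
        "ips": IPV4_RE.findall(text),  # possible control/"hive" addresses
    }


def find_coordination(posts, window=timedelta(days=3), min_authors=3):
    """Flag watched targets named, together with a tool term, by at least
    min_authors distinct authors inside any span of length `window`.
    Returns {target: alert}; targets below the threshold are absent."""
    by_target = defaultdict(list)
    for p in posts:
        if not p["tools"]:
            continue  # a bare mention (news, complaints) is not coordination
        for target in p["targets"]:
            by_target[target].append(p)

    alerts = {}
    for target, relevant in by_target.items():
        relevant.sort(key=lambda p: p["time"])
        for i, first in enumerate(relevant):
            span = [p for p in relevant[i:] if p["time"] - first["time"] <= window]
            authors = {p["author"] for p in span}
            if len(authors) >= min_authors:
                alerts[target] = {
                    "authors": sorted(authors),
                    "first_seen": span[0]["time"],
                    "last_seen": span[-1]["time"],
                    "tools": sorted({t for p in span for t in p["tools"]}),
                    "ips": sorted({ip for p in span for ip in p["ips"]}),
                }
                break  # one alert per target is enough for a warning
    return alerts


def analyse(raw_posts=SAMPLE_POSTS):
    """Run the pipeline over raw (author, timestamp, text) tuples."""
    return find_coordination([parse_post(*r) for r in raw_posts])


if __name__ == "__main__":
    for target, alert in analyse().items():
        print(target, alert)
```

On the constructed input only example-bank.com is flagged: four authors pair it with tool chatter inside the window, the earnings-report post is dropped as noise, and the single booter post about example-shop.net stays under the threshold. The extracted IP is the sort of "mechanism" detail the page says is useful after the fact. Thresholds, vocabulary and windows are the tuning knobs a real deployment would set per customer and industry.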

Individual organizations could gather the kinds of information monitored by BlackForest, but few have the resources to connect the information, the research organization said. GTRI customizes the system to gather information specific to users and their industry segment.

“The average organization doesn’t have the means to crawl all of this data and put together the complex algorithms needed to identify the useful information,” said Christopher Smoak, a research scientist in GTRI’s emerging threats and countermeasures division. “Because we have the environment and the connectivity, we have what we need to obtain this information.”

GTRI has developed other cybersecurity systems: Apiary is a malware intelligence system that helps corporate and government security officials share information about the attacks they are fighting. Phalanx helps fight spear phishing attacks, which are carried out by tricking email recipients into opening malware-infected attachments or following malicious web links.